Severity Critical High Medium Low Informational Vulnerability Categories Abuse Of Functionality Acumonitor Api Bfla Api Bola Api Broken Auth Api Broken Object Prop Auth Api Dos Api Improper Inventory Management Api Misconfiguration Api Ssrf Arbitrary File Creation Arbitrary File Read Authentication Bypass BOLA Bruteforce Possible Buffer Overflow CSRF CSTI Code Execution Configuration Crlf Injection Deepscan Default Credentials Denial Of Service Dev Files Directory Listing Directory Traversal Eli Injection Error Handling File Inclusion Http Parameter Pollution Http Response Splitting Information Disclosure Insecure Admin Access Insecure Deserialization Internal Ip Disclosure Known Vulnerabilities LLM Ldap Injection Llm Excessive Agency Llm Insecure Output Handling Llm Prompt Injection Llm Prompt Leakage Llm Sensitive Information Disclosure Malware Missing Update Privilege Escalation SSRF Sensitive Data Not Over Ssl Server Side Template Injection Session Fixation Source Code Disclosure Sql Injection Test Files Unauthenticated File Upload Url Redirection Weak Credentials Weak Crypto XFS XSS XXE Xpath Injection Vulnerability Name CVE CWE CWE Severity Apache Traffic Server Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') Vulnerability (CVE-2019-17559) CVE-2019-17559 CWE-444 CWE-444 Critical Apache Traffic Server Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') Vulnerability (CVE-2019-17565) CVE-2019-17565 CWE-444 CWE-444 Critical Apache Traffic Server Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') Vulnerability (CVE-2020-1944) CVE-2020-1944 CWE-444 CWE-444 Critical Apache Traffic Server Out-of-bounds Write Vulnerability (CVE-2021-35474) CVE-2021-35474 CWE-787 CWE-787 Critical Apache Traffic Server Unchecked Return Value Vulnerability (CVE-2024-50306) CVE-2024-50306 CWE-252 CWE-252 Critical Artifactory CVE-2019-9733 Vulnerability (CVE-2019-9733) CVE-2019-9733 Critical Artifactory Improper Input Validation Vulnerability (CVE-2016-6501) CVE-2016-6501 CWE-20 CWE-20 Critical Artifactory Improper Privilege Management Vulnerability (CVE-2022-0668) CVE-2022-0668 CWE-269 CWE-269 Critical Artifactory Insufficient Verification of Data Authenticity Vulnerability (CVE-2018-19971) CVE-2018-19971 CWE-345 CWE-345 Critical Artifactory Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2016-10036) CVE-2016-10036 CWE-434 CWE-434 Critical Artifactory Weak Password Requirements Vulnerability (CVE-2019-17444) CVE-2019-17444 CWE-521 CWE-521 Critical ASP.NET ViewState Weak Validation Key CWE-321 CWE-321 Critical Atlassian Confluence CVE-2023-22515 Vulnerability (CVE-2023-22515) CVE-2023-22515 Critical Atlassian Confluence Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2019-3396) CVE-2019-3396 CWE-22 CWE-22 Critical Atlassian Confluence Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2021-26084) CVE-2021-26084 CWE-138 CWE-138 Critical Atlassian Confluence Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2023-22527) CVE-2023-22527 CWE-138 CWE-138 Critical Atlassian Confluence Incorrect Authorization Vulnerability (CVE-2023-22518) CVE-2023-22518 CWE-863 CWE-863 Critical Atlassian Confluence Incorrect Behavior Order: Validate Before Canonicalize Vulnerability (CVE-2022-26136) CVE-2022-26136 CWE-180 CWE-180 Critical Atlassian Confluence Incorrect Behavior Order: Validate Before Canonicalize Vulnerability (CVE-2022-26137) CVE-2022-26137 CWE-180 CWE-180 Critical Atlassian Confluence Server-Side Request Forgery (SSRF) Vulnerability (CVE-2019-3395) CVE-2019-3395 CWE-918 CWE-918 Critical Atlassian Confluence Unauthenticated Remote Code Execution Vulnerability (CVE-2022-26134) CVE-2022-26134 Critical Atlassian Jira CVE-2012-2926 Vulnerability (CVE-2012-2926) CVE-2012-2926 Critical Atlassian Jira Deserialization of Untrusted Data Vulnerability (CVE-2017-5983) CVE-2017-5983 CWE-502 CWE-502 Critical Atlassian Jira Deserialization of Untrusted Data Vulnerability (CVE-2020-14172) CVE-2020-14172 CWE-502 CWE-502 Critical Atlassian Jira Improper Authentication Vulnerability (CVE-2022-0540) CVE-2022-0540 CWE-287 CWE-287 Critical Atlassian Jira Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2010-1165) CVE-2010-1165 CWE-94 CWE-94 Critical Atlassian Jira Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2019-11581) CVE-2019-11581 CWE-138 CWE-138 Critical Atlassian Jira Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2019-20409) CVE-2019-20409 CWE-138 CWE-138 Critical Atlassian Jira Incorrect Behavior Order: Validate Before Canonicalize Vulnerability (CVE-2022-26136) CVE-2022-26136 CWE-180 CWE-180 Critical Atlassian Jira Incorrect Behavior Order: Validate Before Canonicalize Vulnerability (CVE-2022-26137) CVE-2022-26137 CWE-180 CWE-180 Critical ATutor Improper Authentication Vulnerability (CVE-2014-9753) CVE-2014-9753 CWE-287 CWE-287 Critical ATutor Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2017-1000002) CVE-2017-1000002 CWE-22 CWE-22 Critical ATutor Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2016-2555) CVE-2016-2555 CWE-138 CWE-138 Critical ATutor Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2017-1000004) CVE-2017-1000004 CWE-138 CWE-138 Critical ATutor Improper Privilege Management Vulnerability (CVE-2017-1000003) CVE-2017-1000003 CWE-269 CWE-269 Critical ATutor Incorrect Authorization Vulnerability (CVE-2019-16114) CVE-2019-16114 CWE-863 CWE-863 Critical axios Improperly Controlled Modification of Dynamically-Determined Object Attributes Vulnerability (CVE-2026-42044) CVE-2026-42044 CWE-915 CWE-915 Critical axios Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') Vulnerability (CVE-2026-42264) CVE-2026-42264 CWE-1321 CWE-1321 Critical axios Origin Validation Error Vulnerability (CVE-2024-57965) CVE-2024-57965 CWE-346 CWE-346 Critical axios Permissive List of Allowed Inputs Vulnerability (CVE-2026-42043) CVE-2026-42043 CWE-183 CWE-183 Critical axios Unintended Proxy or Intermediary ('Confused Deputy') Vulnerability (CVE-2025-62718) CVE-2025-62718 CWE-441 CWE-441 Critical Axway Secure Transport Improper Restriction of XML External Entity Reference Vulnerability (CVE-2019-14277) CVE-2019-14277 CWE-611 CWE-611 Critical b2evolution Improper Input Validation Vulnerability (CVE-2017-1000423) CVE-2017-1000423 CWE-20 CWE-20 Critical b2evolution Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2017-5539) CVE-2017-5539 CWE-22 CWE-22 Critical b2evolution Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2016-8901) CVE-2016-8901 CWE-138 CWE-138 Critical b2evolution Use of Insufficiently Random Values Vulnerability (CVE-2022-30935) CVE-2022-30935 CWE-330 CWE-330 Critical Bash code injection vulnerability CVE-2014-6271 CWE-78 CWE-78 Critical Beego Framework CVE-2021-30080 Vulnerability (CVE-2021-30080) CVE-2021-30080 Critical Beego Framework CVE-2022-31259 Vulnerability (CVE-2022-31259) CVE-2022-31259 Critical Beego Framework Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2022-31836) CVE-2022-31836 CWE-22 CWE-22 Critical Beego Framework Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-30223) CVE-2025-30223 CWE-707 CWE-707 Critical Broken access control in Confluence Server and Data Center (CVE-2023-22515) CVE-2023-22515 CWE-284 CWE-284 Critical Cacti Unauthenticated Command Injection (CVE-2022-46169) CVE-2022-46169 CWE-77 CWE-77 Critical Caddy Web Server Improper Authentication Vulnerability (CVE-2018-21246) CVE-2018-21246 CWE-287 CWE-287 Critical Caddy Web Server Improper Handling of Case Sensitivity Vulnerability (CVE-2026-27587) CVE-2026-27587 CWE-178 CWE-178 Critical Caddy Web Server Improper Handling of Case Sensitivity Vulnerability (CVE-2026-27588) CVE-2026-27588 CWE-178 CWE-178 Critical Caddy Web Server Improper Handling of Exceptional Conditions Vulnerability (CVE-2026-27586) CVE-2026-27586 CWE-755 CWE-755 Critical Caddy Web Server Improper Input Validation Vulnerability (CVE-2026-27590) CVE-2026-27590 CWE-20 CWE-20 Critical CakePHP Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2023-22727) CVE-2023-22727 CWE-138 CWE-138 Critical CData Jetty Path Traversal (CVE-2024-31848/CVE-2024-31849/CVE-2024-31850/CVE-2024-31851) CVE-2024-31848 CVE-2024-31849 CVE-2024-31850 CVE-2024-31851 CWE-22 CWE-22 Critical Chamilo Deserialization of Untrusted Data Vulnerability (CVE-2025-52998) CVE-2025-52998 CWE-502 CWE-502 Critical Chamilo Files or Directories Accessible to External Parties Vulnerability (CVE-2026-33698) CVE-2026-33698 CWE-552 CWE-552 Critical Chamilo Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2018-1999019) CVE-2018-1999019 CWE-94 CWE-94 Critical Chamilo Improper Handling of Case Sensitivity Vulnerability (CVE-2023-3545) CVE-2023-3545 CWE-178 CWE-178 Critical Chamilo Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2023-3533) CVE-2023-3533 CWE-22 CWE-22 Critical Chamilo Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') Vulnerability (CVE-2025-50187) CVE-2025-50187 CWE-707 CWE-707 Critical Chamilo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-35414) CVE-2021-35414 CWE-707 CWE-707 Critical Chamilo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-55208) CVE-2025-55208 CWE-707 CWE-707 Critical Chamilo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-55289) CVE-2025-55289 CWE-707 CWE-707 Critical Chamilo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-59542) CVE-2025-59542 CWE-707 CWE-707 Critical Chamilo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-59543) CVE-2025-59543 CWE-707 CWE-707 Critical Chamilo Improper Neutralization of Special Elements used in a Command ('Command Injection') Vulnerability (CVE-2023-34960) CVE-2023-34960 CWE-138 CWE-138 Critical Chamilo Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2023-3368) CVE-2023-3368 CWE-138 CWE-138 Critical Chamilo Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2021-34187) CVE-2021-34187 CWE-138 CWE-138 Critical Chamilo Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2022-27423) CVE-2022-27423 CWE-138 CWE-138 Critical 12345...22 2 / 22